Tag Archive for: hunters

Hunters International Ransomware Adds Four New Victims


The Hunters International ransomware group has claimed four new victims, expanding its reach across industries and countries.

The targeted organizations include Gunning & LaFazia in the United States, Thermosash Commercial Limited in New Zealand, PROJECT M.O.R.E. in the U.S., and Bradford Health Care, a healthcare institution.

The Targets: Diverse Industries and Geographic Locations

The announcement of the cyberattacks was made through the group’s dark web portal, showcasing their continued audacity in breaching security systems. The implications of these Hunters International ransomware attacks could be far-reaching, given the diverse industries and geographic locations of the victims.

Hunters International Ransomware
Source: Twitter

The USA and New Zealand have found themselves at the forefront of this latest cyber onslaught.

Hunters International Strikes Again: Four New Victims Added to Dark Web Portal

To verify the legitimacy of the Hunters International ransomware attack claim, The Cyber Express Team reached out to the targeted organizations. Unfortunately, as of the writing of this report, no responses have been received, leaving the claims unverified.

Interestingly, the official websites of the targeted organizations were found to be fully functional, raising questions about the authenticity of the Hunters International ransomware group’s assertions.

Hunters International ransomware has become synonymous with a repetitive attack pattern, drawing parallels to their previous operations. A significant revelation from October exposed code overlaps between the ransomware used by Hunters International and the once-dominant Hive ransomware.

Bitdefender, a cybersecurity vendor, confirmed this finding, suggesting a strategic decision by the Hive group to transfer its operations and assets to Hunters International.

Repetitive Tactics: Hunters International Ransomware Attack Pattern

This recent cyberattack on multiple organizations echoes a similar pattern observed in 2023 when the L’Azienda USL di Modena Regional Health Service in Italy fell victim to a cyber breach attributed to Hunters International.

Before these incidents, the ransomware group targeted InstantWhip, a major player with a revenue of US$300 million. InstantWhip has yet to release any…

Hunters International ransomware gang claims to have hacked the Fred Hutch cancer center


Pierluigi Paganini
December 16, 2023

The Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch).

Another healthcare organization has suffered a ransomware attack: the Hunters International ransomware gang claims to have hacked the Fred Hutchinson Cancer Center (Fred Hutch).

The ransomware gang has added the organization to its dark web leak site and is threatening to leak the allegedly stolen data.

Fred Hutchinson Cancer Research Center is an independent, nonprofit research institute based in Seattle, Washington. Its mission is to improve the lives of people worldwide through research, clinical care and education.

The center’s research focuses on cancer prevention, diagnosis, treatment and survivorship. Fred Hutch investigators are making groundbreaking discoveries in cancer genomics, immunotherapy, precision medicine and other fields.

The organization operates a network of clinical sites in the US.

Earlier in December, Fred Hutch disclosed a cyber attack that took place on November 19, 2023. Threat actors had access to its infrastructure.

The Seattle Times reported that Fred Hutch patients started receiving email threats following the cyberattack.

“Then this week, the spam emails started to arrive. The threats were sent to a number of former and current Fred Hutch patients — as well as some who have received care from Hutch partner UW Medicine — and claimed the names, Social Security numbers, phone numbers, medical history, lab results and insurance history of more than 800,000 patients had been compromised,” reported the Seattle Times.

“‘If you are reading this, your data has been stolen and will soon be sold to various data brokers and black markets to be used in fraud and other criminal activities,’ the alleged hackers wrote, according to several emails shared with The Seattle Times.”

Fred Hutch
Robert M. Arnold Building, Fred Hutchinson Cancer Research Center.

The organization immediately started its incident response procedure and took impacted systems offline, a circumstance that suggests that Fred Hutch was the…

‘Hunters International’ Cyberattackers Take Over Hive Ransomware


The FBI may have successfully disrupted the destructive Hive ransomware operation earlier this year, but the group’s malware code continues to present a threat to organizations everywhere.

In October, a security researcher’s analysis of ransomware used by a new group called Hunters International showed substantial code overlaps with Hive ransomware. A subsequent analysis by Bitdefender found the same similarities, leading researchers at the security vendor to conclude that Hive operators have handed off their crown jewel to another threat actor.

A Strategic Dark Web Decision?

“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” Bitdefender said in a recent report. “While Hive has been one of the most dangerous ransomware groups, it remains to be seen if Hunters International will prove equally or even more formidable.”

Hive was one of the most active ransomware groups at the time the FBI, in concert with counterparts in Germany and the Netherlands, hacked into the group’s infrastructure and systematically neutralized it over a seven-month period.

During that time, investigators captured over 300 decryption keys from Hive operators and handed them off to victims who were under active attack, saving them a cumulative $130 million in losses. Investigators also found — and handed over — an additional 1,000 decryption keys associated with victims of earlier Hive group attacks. The FBI and its partners seized control of websites and servers that Hive was using at the time, effectively shutting down its operational capabilities.

Emerging Threat

In the months since then, Hive’s operators appear to have transferred their code to Hunters International, a threat group with a relatively low number of victims at the moment but with a mature toolkit and a seeming eagerness to show its capabilities.

“Reputation plays a critical role in the ransomware-as-a-service model, and after the disruptions and months-long law enforcement breach of the Hive ransomware group, Hunters International faces the task of demonstrating its competence before it can attract high-caliber…

Threat hunters minimize Russia’s cyber prowess


Dive Brief:

  • Russian cyberattacks against Ukraine and its allies have yet to materialize at the scale and severity many expected. Russia’s attack against Viasat’s KA-SAT management network during the first hours of its invasion of Ukraine remains its most significant success to date.
  • The Russian wiper malware attack on Viasat was “one of the biggest cyber events that we have seen perhaps ever, certainly in warfare,” Dmitri Alperovitch, CrowdStrike cofounder and executive chairman of the Silverado Policy Accelerator, said Tuesday at the RSA Conference. It blocked the Ukrainian military’s ability to communicate in the first days of the invasion, but Russia’s gain was short-lived.
  • “As we have seen time and time again, for now almost three and a half months of this war, the Russians are horrible at combined arms,” Alperovitch said. This extends to its traditional military that’s faltered on the ground and in the air due to a lack of coordination.

Dive Insight:

Russia has consistently displayed a lack of foresight and planning in its cyber activities since it invaded Ukraine more than 100 days ago. Despite tactical successes in Ukraine, Russia failed to turn those into potentially more devastating campaigns. 

While cyber is an important weapon in warfare, the assumption that it will be such a critical element has been overblown, Alperovitch said. “Even the best tactics, even in cyber, don’t compensate for a really, really bad plan.”

Despite expectations, Russia hasn’t retaliated for the sanctions via cyberattacks against Ukraine’s allies, but those attacks may still come. While Russia’s cyberthreat remains lower than expected, the White House and federal cybersecurity authorities continue to caution organizations to remain vigilant.

The Department of Justice in April disrupted the state-backed Russian botnet Cyclops Blink and Attorney General Merrick Garland pointed to the Russian government’s use of similar infrastructure to attack Ukrainian targets.

Sandra Joyce, EVP and head of global intelligence at Mandiant, said her team observed wiper attacks on individuals and Chinese threat actors operating…
